Add a Google Alerts type thing to that so I can be notified any time a bill is up for a vote by my representative and any time anyone proposes a bill on copyright law and I think we instantly make government a LOT more transparent and accessible.
Too many Microsoft full time employees have a pretty bad case of arrogance. There are a lot of nice folks too, but quite a few are jerks.
Microsoft is also still trying to figure out how to manage the growth that it has experienced and not only does the right hand not know what the left hand is doing, the index finger and the ring finger are barely aware that the thumb exists let alone knowing what it is doing.
Find your local toastmasters club and practice. Since joining toastmasters, I have had many comments from people in both my work and personal life about how much my verbal communication has improved.
Each speech will give you supportive and constructive feedback from multiple people, from multiple experience levels, and from multiple walks of life. I now find myself re-thinking how I explain quite a few technical things to others and catch myself when I am talking to non-technical people and I start to use the jargon that is so automatic among technical folks. I still pause and think about how to appropriately re-phrase what I was about to say to make it more appropriate to the people that I am talking to, but at least I am catching myself now when I used to rattle on and lose them long before I realized that they weren't getting it.
Besides, the dues are about the same as a magazine subscription. It is quite inexpensive for what you get.
Have you ever been on the receiving end of patches?
Nearly all patches are unacceptable because they break something else that the original author does not care about. This patch fixes 64-bit code... at the expense of all 32-bit code. This patch fixes a warning... at the expense of not compiling with anything but gcc. So on and so on.
In fairness, I have not really been in that situation. I have been on the receiving end for really small projects with only a handful of users.
For large projects, I can empathize.
For small projects that have had fewer than 1000 downloads in the last year, I have less empathy when I try to help and don't even get an acknowledgement or a rejection email.
A few times, especially with Perl, I follow the documentation step by step and it doesn't work. Spending time understanding the code, thank God that Perl is by definition open source, I usually find some undocumented dependencies that solve the problem.
With commercial projects and free projects requiring technically complex code, as often as not, I run into documentation that expects you to read and comprehend everything that the programmer had to comprehend to write the code before you can even use it. I don't fault the programmers, it is hard to write good, useful documentation and having written the code can be a liability when it comes time to provide a plain-english explanation.
It isn't always the case, but if you are getting a lot of bogus bug reports, you might consider that your design is non-intuitive or that your documentation is too complex.
I ran into an annoying little bug with Perl Win32::SoundRec, figured out how to fix it, patched my own system, and then spent 30 minutes trying to find info on where to submit the fix. I finally emailed the author and got no response. Months later, the bug is still there. The fix is three lines of code and two extra calculations.
I had some crashes with Mozilla and tried to get symbols, it turns out that the release build doesn't have published symbols so my effort to repro a stress bug and capture it in windbg was wasted.
In the pre-1.0 kernel days, I had problems getting two 3c509 nics to work in a box at the same time. With the help of a friend, we made a 3c509-2 driver by copying and changing all of the identifiers. The hack worked, but it was a hack. At the time, I didn't take the time to report the limitation anywhere or investigate further.
So, when I as a 99.9% user tries that 0.1% of the time to contribute, why is it always a pain? I would love to contribute. If the bar were lower, if I could take a 1-line fix and get someone to pay attention, or if I could take that bug and get support in debugging it other than "compile it yourself", I am sure my contribution rate would quadruple.
Maybe a college student has enough time to spend decyphering how to contribute. I don't have that much time anymore.
Sigh...that is the danger of writing to a mass-audience. Too often, the humor doesn't translate well.
I don't blame MS for not releasing their bug list. I have seen it. I have contributed to it. All I am saying is that the unix bug disclosure is wide open and the Windows bug disclosure doesn't always happen until the bug is fixed so comparing numbers of bug disclosures for each isn't an apples to apples comparison.
Even if they did release their bug lists, it still wouldn't be an apples to apples comparison because Microsoft considers things like incorrect tab order for controls in a window to be a bug and a lot of linux developers would be hard pressed to cosnider that a legitimate bug.
Are bugs hard to fix? Hell YES they are HARD. I have spent weeks trying to reproduce a single crashing bug. I have watched a team of 5 developers spend two weeks digging into a bug going all the way from end user application level down to the HAL. This is my 7th year as a professional software test engineer. I manually test, I write test automation, I debug test automation, and I help debug product bugs in application and system level components. Yes, it is an amazing challenge some days, and incredibly frustrating, but it is worth it to me if I catch a bug before it causes customers pain.
I also know that managers make trade-off decisions and make decisions about when to ship based on which bugs are acceptable to ship with. I hated many of their decisions. I don't think that they really understood the customer pain and that is what really pisses me off. Most of the bugs that users hit are management trade-offs. Most of the customer pain *could* have been avoided if the development team had been allowed to do what they wanted.
In the end, for most of the people here, it is a religious issue. Heck, I get fanatical about it. I want to throw my fist through the wall when the computer crashes and I can't file a bug to get that particular problem fixed.
Microsoft is a company. It is a legal "entity". It can not love you. Try not to get too wrapped up in it. I mainlined the kool-aid myself at one time and it has been hard to let it go, but it is possible.
Don't let the Anything But Microsoft crowd get to you...logic won't change their minds. It is an emotional decision. People get burned too much by crashes, or viruses, or Windows Me and they get a really icky taste in their mouth and that taste will stay with them for decades.
You might check out minimsft.blogspot.com for a look behind the scenes.
My handle is a bit of a joke too. I like various unix flavors, but I spent 5 years as a blue-badge at Microsoft where I had a lot of fun testing and helping the developers improve the quality of Windows.
I am serious about software quality, I hate it when users hit bugs! I agree that Linux has a lot of security bugs that are fixed regularly. How many would be reported for Windows if Microsoft's bug database was open to the world?
How can I configure so that it doesn't crash at inconvenient times, so that it doesn't need a dozen security updates every month, and so that it will work like marketing claims it will?
NO! No matter what, we can not give up our freedom!
If preventing "religous fundamentalist terrorism" means giving up my freedom, all I am doing is trading the small terror that I face today for the terror of an unleashed leviathan tomorrow.
We have already given up too much individual power to the government.
"Mega-retailers comes out of over-regulation. High gas prices, too. Both are part of the problem of big government."
Maybe I am just dense this morning, but I don't follow how mega-retailers and high gas prices are the result of over-regulation. I'd like to hear your reasoning behind this assertation.
I would have normally thought that mega-retailers come from economies of scale and market forces and are not restricted in growth because of of little regulation at the local level.
I can see how taxes and some regulations increase gas prices, but on the flip side the cost of roads is highly subsidised vs the cost of railroads. If true market costs were felt on each, much of the current cross-country truck transit would be moved to rail.
If I have a flawed view of the world or economics, I would like to correct that view.
There was a news article a while back about coca plants in columbia developing a resistance to RoundUp. It was a combination of plants mutating and humans finding and helping along resistant mutations.
You may have to subtly introduce ideas and not worry about getting credit.
Depending on the size and culture of the company making changes can range from demonstrating it first, doing it and asking for forgiveness later, to even subtly mentioning some ideas to the right person and allowing them to later "have a great idea" that you can implement.
Find another professional who you respect, they don't need to be a developer but it is preferable that they can grok technology and your work situation and that they don't report to anyone near your manager. Ask them if they would mentor you and have weekly or monthly coffee with them so you can bounce ideas off of them.
In the long run, their advice will be much better than what you get on Slashdot!...oh, and don't quit yet, you might find that you are in a perfect position to grow your leadership potential.
Once you install version control and bug tracking, make some time to teach your manager how to use them and show him how to pull statistics from them.
Hopefully seeing the value of the statistics and an example of tracking changes and how you can back out a buggy change several revisions ago will change his mind.
If not, you might need to set up a seperate branch and an automated nightly diff/copy/submit that will automatically pull in changes that your manager makes to code stored on a share.
It takes some people a little while to get used to the process of using revision control and bug tracking systems. Your manager is probably reluctant beause he hasn't been shown the value and is nervous about learning something new.
...and here I thought that the music industry hasn't been releasing new music and I come to find out that my "english" filter was redirecting all of their new music to the trash.
Let's take a look and see...nope, the filter was right, it is right where it belongs.
Law Enforcement in some states will allow civilians to volunteer time assisting with some types of cases. You might be able to help a police officer and get training.
Many of the forensics software vendors offer training. This is tool-specific and wouldn't emphasise the legal context as much.
SANS also has a training program. I have reviewed a few of the materials and it gets very technically detailed, but it might be slightly lacking in the areas of working with lawyers and the legal process.
Current DoD standards call for 7 writes - several random with at least one of all zeros and at least one of all ones.
Some research in the last year using electron microscopes suggests that to really make the data unreadable, 14 writes should be done.
Despite both of these, modern (in excess of 20 GB) drives are using increasing levels of abstraction where without intimate knowledge of the drive firmware logic AND the full contents of the drive ROM AND the electron microscope/spin stand data, once it is wiped even one time you are relatively safe.
Beyond the first wipe, if it is wiped with random data, I would hazzard a guess that 99% of the forensics experts wouldn't be able to recover much beyond knowledge of the program that wiped the drive.
This is a mess. If at all possible, turn the computer off now, don't let anyone else touch it, and call a forensics expert before you contaminate this evidence any further.
You mention that the drive has been used for a period of time since the original forensics expert examined it. That could be a problem.
Ideally, the orignal forensics expert would have used a write blocking device (hardware) and carefully made a bit for bit (dd, encase, etc.) image of the drive.
That image is evidence and should be made available to opposing council and their experts for examination.
If an image was not obtained, you might have reason to question the completeness of the original investigation.
In either case, I would make your own image as soon as possible. If you can't get a forensics person (please try to get a professional first), then boot from a knoppix or forenisic linux boot disk and use DD to make a drive image and burn a copy of that image to CD. (This isn't perfect, but in this case the data has already been altered by a period of normal use and knoppix + dd are known quantities.)
Just make detailed notes about everything that you do and everything that happened to the drive since it was last touched by the suspect. Include a list of everyone who is known to have accessed the system and everyone who could have accessed the system.
Depending on the software used and the methods that the suspect used, there might be a lot of data and there might be just a few bits of data that could prove either case.
If it really matters, hire someone who has been trained in computer forensics to examine your DD image. If you would like to provide a throwaway email address where we can reach you, I am sure that a few dozen slashdotters would be willing to send you our CVs and we can either discuss the case further or send you to a reputable expert in your area.
On the other hand, if you are just curious, visit and load up the image in FTK. If you don't know what you are looking for, you could spend months searching for evidence. If you do know what you are looking for, you could easily spend a week just collecting all of the relevant evidence.
Better yet, find a professional and leave the job to them. Ask a professional group like http://www.ctin.org/ for a reference. (Full Disclosure: I am a member of CTIN and I have studied computer forensics, but I am not a yet a practitioner in the field so please call a professional before following the advice that you read on slashdot.)
If you find a good person, they will tell you what they can and can't do and they will verify that they are qualified to do the examination before they take the case.
Slashdot Mirror
Add a Google Alerts type thing to that so I can be notified any time a bill is up for a vote by my representative and any time anyone proposes a bill on copyright law and I think we instantly make government a LOT more transparent and accessible.
Afterwhich Rambus was never trusted in a standards committee again...
WinCE and WinNT have WinME in common: Windows CE ME NT = Windows CEMENT
...wince - ouch!
And who ever came up with the naming of WinCE?
Too many Microsoft full time employees have a pretty bad case of arrogance. There are a lot of nice folks too, but quite a few are jerks.
Microsoft is also still trying to figure out how to manage the growth that it has experienced and not only does the right hand not know what the left hand is doing, the index finger and the ring finger are barely aware that the thumb exists let alone knowing what it is doing.
http://www.toastmasters.org/
Find your local toastmasters club and practice. Since joining toastmasters, I have had many comments from people in both my work and personal life about how much my verbal communication has improved.
Each speech will give you supportive and constructive feedback from multiple people, from multiple experience levels, and from multiple walks of life. I now find myself re-thinking how I explain quite a few technical things to others and catch myself when I am talking to non-technical people and I start to use the jargon that is so automatic among technical folks. I still pause and think about how to appropriately re-phrase what I was about to say to make it more appropriate to the people that I am talking to, but at least I am catching myself now when I used to rattle on and lose them long before I realized that they weren't getting it.
Besides, the dues are about the same as a magazine subscription. It is quite inexpensive for what you get.
Have you ever been on the receiving end of patches?
Nearly all patches are unacceptable because they break something else that the original author does not care about. This patch fixes 64-bit code... at the expense of all 32-bit code. This patch fixes a warning... at the expense of not compiling with anything but gcc. So on and so on.
In fairness, I have not really been in that situation. I have been on the receiving end for really small projects with only a handful of users.
For large projects, I can empathize.
For small projects that have had fewer than 1000 downloads in the last year, I have less empathy when I try to help and don't even get an acknowledgement or a rejection email.
Having usable documentation is nice too.
A few times, especially with Perl, I follow the documentation step by step and it doesn't work. Spending time understanding the code, thank God that Perl is by definition open source, I usually find some undocumented dependencies that solve the problem.
With commercial projects and free projects requiring technically complex code, as often as not, I run into documentation that expects you to read and comprehend everything that the programmer had to comprehend to write the code before you can even use it. I don't fault the programmers, it is hard to write good, useful documentation and having written the code can be a liability when it comes time to provide a plain-english explanation.
It isn't always the case, but if you are getting a lot of bogus bug reports, you might consider that your design is non-intuitive or that your documentation is too complex.
I ran into an annoying little bug with Perl Win32::SoundRec, figured out how to fix it, patched my own system, and then spent 30 minutes trying to find info on where to submit the fix. I finally emailed the author and got no response. Months later, the bug is still there. The fix is three lines of code and two extra calculations.
I had some crashes with Mozilla and tried to get symbols, it turns out that the release build doesn't have published symbols so my effort to repro a stress bug and capture it in windbg was wasted.
In the pre-1.0 kernel days, I had problems getting two 3c509 nics to work in a box at the same time. With the help of a friend, we made a 3c509-2 driver by copying and changing all of the identifiers. The hack worked, but it was a hack. At the time, I didn't take the time to report the limitation anywhere or investigate further.
So, when I as a 99.9% user tries that 0.1% of the time to contribute, why is it always a pain? I would love to contribute. If the bar were lower, if I could take a 1-line fix and get someone to pay attention, or if I could take that bug and get support in debugging it other than "compile it yourself", I am sure my contribution rate would quadruple.
Maybe a college student has enough time to spend decyphering how to contribute. I don't have that much time anymore.
Wherever mountains, rivers, and lakes don't get in the way, every road is on a 1 mile square grid in the western US.
I am in favor of using metric for all science and engineering measurements, but leave our road signs alone please.
I have had decent results with a little utility called Virtual Audio Cable.
I haven't used it specifically with Skype, but I have used it with half a dozen other audio applications.
Sigh...that is the danger of writing to a mass-audience. Too often, the humor doesn't translate well.
I don't blame MS for not releasing their bug list. I have seen it. I have contributed to it. All I am saying is that the unix bug disclosure is wide open and the Windows bug disclosure doesn't always happen until the bug is fixed so comparing numbers of bug disclosures for each isn't an apples to apples comparison.
Even if they did release their bug lists, it still wouldn't be an apples to apples comparison because Microsoft considers things like incorrect tab order for controls in a window to be a bug and a lot of linux developers would be hard pressed to cosnider that a legitimate bug.
Are bugs hard to fix? Hell YES they are HARD. I have spent weeks trying to reproduce a single crashing bug. I have watched a team of 5 developers spend two weeks digging into a bug going all the way from end user application level down to the HAL. This is my 7th year as a professional software test engineer. I manually test, I write test automation, I debug test automation, and I help debug product bugs in application and system level components. Yes, it is an amazing challenge some days, and incredibly frustrating, but it is worth it to me if I catch a bug before it causes customers pain.
I also know that managers make trade-off decisions and make decisions about when to ship based on which bugs are acceptable to ship with. I hated many of their decisions. I don't think that they really understood the customer pain and that is what really pisses me off. Most of the bugs that users hit are management trade-offs. Most of the customer pain *could* have been avoided if the development team had been allowed to do what they wanted.
In the end, for most of the people here, it is a religious issue. Heck, I get fanatical about it. I want to throw my fist through the wall when the computer crashes and I can't file a bug to get that particular problem fixed.
Microsoft is a company. It is a legal "entity". It can not love you. Try not to get too wrapped up in it. I mainlined the kool-aid myself at one time and it has been hard to let it go, but it is possible.
Don't let the Anything But Microsoft crowd get to you...logic won't change their minds. It is an emotional decision. People get burned too much by crashes, or viruses, or Windows Me and they get a really icky taste in their mouth and that taste will stay with them for decades.
You might check out minimsft.blogspot.com for a look behind the scenes.
No harm done, no offense taken.
Best of luck to you.
My earlier post was meant to be humor.
My handle is a bit of a joke too. I like various unix flavors, but I spent 5 years as a blue-badge at Microsoft where I had a lot of fun testing and helping the developers improve the quality of Windows.
I am serious about software quality, I hate it when users hit bugs! I agree that Linux has a lot of security bugs that are fixed regularly. How many would be reported for Windows if Microsoft's bug database was open to the world?
Apples != Oranges.
Chill! Sometimes a cigar is just a cigar.
How can I configure so that it doesn't crash at inconvenient times, so that it doesn't need a dozen security updates every month, and so that it will work like marketing claims it will?
Where can I find linux?
Why does Vista look so much like OS X?
NO! No matter what, we can not give up our freedom!
If preventing "religous fundamentalist terrorism" means giving up my freedom, all I am doing is trading the small terror that I face today for the terror of an unleashed leviathan tomorrow.
We have already given up too much individual power to the government.
"Mega-retailers comes out of over-regulation. High gas prices, too. Both are part of the problem of big government."
Maybe I am just dense this morning, but I don't follow how mega-retailers and high gas prices are the result of over-regulation. I'd like to hear your reasoning behind this assertation.
I would have normally thought that mega-retailers come from economies of scale and market forces and are not restricted in growth because of of little regulation at the local level.
I can see how taxes and some regulations increase gas prices, but on the flip side the cost of roads is highly subsidised vs the cost of railroads. If true market costs were felt on each, much of the current cross-country truck transit would be moved to rail.
If I have a flawed view of the world or economics, I would like to correct that view.
There was a news article a while back about coca plants in columbia developing a resistance to RoundUp. It was a combination of plants mutating and humans finding and helping along resistant mutations.
Have courage.
...oh, and don't quit yet, you might find that you are in a perfect position to grow your leadership potential.
Sometimes being a professional is hard.
You may have to subtly introduce ideas and not worry about getting credit.
Depending on the size and culture of the company making changes can range from demonstrating it first, doing it and asking for forgiveness later, to even subtly mentioning some ideas to the right person and allowing them to later "have a great idea" that you can implement.
Find another professional who you respect, they don't need to be a developer but it is preferable that they can grok technology and your work situation and that they don't report to anyone near your manager. Ask them if they would mentor you and have weekly or monthly coffee with them so you can bounce ideas off of them.
In the long run, their advice will be much better than what you get on Slashdot!
Once you install version control and bug tracking, make some time to teach your manager how to use them and show him how to pull statistics from them.
Hopefully seeing the value of the statistics and an example of tracking changes and how you can back out a buggy change several revisions ago will change his mind.
If not, you might need to set up a seperate branch and an automated nightly diff/copy/submit that will automatically pull in changes that your manager makes to code stored on a share.
It takes some people a little while to get used to the process of using revision control and bug tracking systems. Your manager is probably reluctant beause he hasn't been shown the value and is nervous about learning something new.
...and here I thought that the music industry hasn't been releasing new music and I come to find out that my "english" filter was redirecting all of their new music to the trash.
Let's take a look and see...nope, the filter was right, it is right where it belongs.
Your products suck.
Sincerely,
The Consumer
Several universities and community colleges have programs. I took a certificate program http://www.extension.washington.edu/ext/certificat es/cpf/cpf_gen.asp/ I highly recommend.
Law Enforcement in some states will allow civilians to volunteer time assisting with some types of cases. You might be able to help a police officer and get training.
Many of the forensics software vendors offer training. This is tool-specific and wouldn't emphasise the legal context as much.
SANS also has a training program. I have reviewed a few of the materials and it gets very technically detailed, but it might be slightly lacking in the areas of working with lawyers and the legal process.
Whoops, I forgot a link.
FTK (Forensic Tool Kit) is made by Access Data.
http://www.accessdata.com/
Going from memory (which is occasionally faulty):
Current DoD standards call for 7 writes - several random with at least one of all zeros and at least one of all ones.
Some research in the last year using electron microscopes suggests that to really make the data unreadable, 14 writes should be done.
Despite both of these, modern (in excess of 20 GB) drives are using increasing levels of abstraction where without intimate knowledge of the drive firmware logic AND the full contents of the drive ROM AND the electron microscope/spin stand data, once it is wiped even one time you are relatively safe.
Beyond the first wipe, if it is wiped with random data, I would hazzard a guess that 99% of the forensics experts wouldn't be able to recover much beyond knowledge of the program that wiped the drive.
This is a mess. If at all possible, turn the computer off now, don't let anyone else touch it, and call a forensics expert before you contaminate this evidence any further.
You mention that the drive has been used for a period of time since the original forensics expert examined it. That could be a problem.
Ideally, the orignal forensics expert would have used a write blocking device (hardware) and carefully made a bit for bit (dd, encase, etc.) image of the drive.
That image is evidence and should be made available to opposing council and their experts for examination.
If an image was not obtained, you might have reason to question the completeness of the original investigation.
In either case, I would make your own image as soon as possible. If you can't get a forensics person (please try to get a professional first), then boot from a knoppix or forenisic linux boot disk and use DD to make a drive image and burn a copy of that image to CD. (This isn't perfect, but in this case the data has already been altered by a period of normal use and knoppix + dd are known quantities.)
Just make detailed notes about everything that you do and everything that happened to the drive since it was last touched by the suspect. Include a list of everyone who is known to have accessed the system and everyone who could have accessed the system.
Depending on the software used and the methods that the suspect used, there might be a lot of data and there might be just a few bits of data that could prove either case.
If it really matters, hire someone who has been trained in computer forensics to examine your DD image. If you would like to provide a throwaway email address where we can reach you, I am sure that a few dozen slashdotters would be willing to send you our CVs and we can either discuss the case further or send you to a reputable expert in your area.
On the other hand, if you are just curious, visit and load up the image in FTK. If you don't know what you are looking for, you could spend months searching for evidence. If you do know what you are looking for, you could easily spend a week just collecting all of the relevant evidence.
Better yet, find a professional and leave the job to them. Ask a professional group like http://www.ctin.org/ for a reference. (Full Disclosure: I am a member of CTIN and I have studied computer forensics, but I am not a yet a practitioner in the field so please call a professional before following the advice that you read on slashdot.)
If you find a good person, they will tell you what they can and can't do and they will verify that they are qualified to do the examination before they take the case.
Print statements don't work very well in a lot of places.
For example, when the run takes 5 hours and the problem is in the last 5 minutes. Or when your C/C++ code sits in a kernel mode driver.
Debuggers exist for a reason.